OZBİLİM TEXTILE MACHINERY IND. TRADE CO. LTD.
CORPORATE PERSONAL DATA PROTECTION POLICY
Document Information
Document Name: Personal Data Protection Policy
Document Relevance: The purpose of the Personal Data Protection Policy is to plan the processes for the protection of personal data by OZBİLİM TEXTILE MACHINERY IND. TRADE CO. LTD. and to determine the principles to be applied in this regard.
Publication Date:
Version No: 1
Reference / Justification: Personal Data Protection Law No. 6698 and other legislation
Approval Authority: OZBİLİM TEXTILE MACHINERY IND. TRADE CO. LTD. Board of Directors
OZBİLİM TEXTILE MACHINERY IND. TRADE CO. LTD.
CORPORATE PERSONAL DATA PROTECTION POLICY
1. PURPOSE
The right of every individual to request the protection of personal data related to him/her is a sacred right arising from the Constitution. As OZBİLİM TEXTILE MACHINERY IND. TRADE LTD. STI., we consider fulfilling the requirements of this right as one of our most valuable duties. For this reason, we attach importance to the processing and protection of your personal data in accordance with the law.
The Corporate Personal Data Protection Policy has been prepared to determine the principles we base ourselves on and the procedures we apply when processing and protecting personal data as a result of the importance we attach to the protection of personal data.
2. SCOPE
Policy OZBİLİM TEXTILE MACHINERY IND. TRADE LTD. All personal data managed by ŞTİ. covers all kinds of operations performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of data, either fully or partially by automatic means or non-automatic means provided that it is part of any data recording system.
The Policy is related to all personal data processed by ÖZBİLİM TEKSTİL MAKİNALARI SAN. TİC. LTD. ŞTİ. of its partners, authorities, customers, employees, supplier authorities and employees, and third parties.
ÖZBİLİM TEKSTİL MAKİNALARI SAN. TİC. LTD. ŞTİ. may amend the Policy for the purposes of compliance with the legislation and the decisions of the Personal Data Protection Authority and better protection of personal data.
3. DEFINITIONS
Abbreviation Definition
Recipient Group
The category of real or legal persons to whom personal data is transferred by the data controller.
Explicit Consent Consent based on information and expressed with free will regarding a specific subject.
Anonymization
Making personal data in a way that it cannot be associated with an identified or identifiable natural person, even by matching it with other data.
Relevant Person
The natural person whose personal data is processed.
Relevant User
Individuals who process personal data within the data controller organization or in accordance with the authorization and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of data.
Destruction Deletion, destruction or anonymization of personal data. www.akkasgroup.com
Law/KVKK Personal Data Protection Law No. 6698.
Recording Medium
Any medium containing personal data processed by fully or partially automatic means or non-automatic means provided that it is part of any data recording system.
Personal Data Any information related to an identified or identifiable natural person.
Data Inventory
The inventory that data controllers create by associating the personal data processing activities they carry out in connection with their business processes with the purposes and legal reason for processing personal data, data category, transferred recipient group and data subject group, and detail the maximum retention period required for the purposes for which personal data is processed, personal data planned to be transferred to foreign countries and the measures taken regarding data security.
Processing of
Personal Data
All kinds of operations performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, either fully or partially by automatic means or non-automatic means provided that it is part of any data recording system.
Board Personal Data Protection Board.
Institution Personal Data Protection Institution
Special Personal Data
Individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
Periodic Destruction
In the event that all the conditions for processing personal data specified in the Law are eliminated, personal and
The process of deletion, destruction or anonymization specified in the data storage and destruction policy and carried out ex officio at recurring intervals.
Policy
Personal Data Protection Policy www.akkasgroup.com
Data Processor
A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
Data Controller
A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
4. GENERAL PRINCIPLES
ÖZBİLİM TEXTILE MACHINERY IND. TRADE LTD. ŞTİ. checks the compliance of the data to be processed with the following principles during the preparation phase of each new workflow requiring personal data processing. Workflows that are not found appropriate are not implemented.
ÖZBİLİM TEXTILE MACHINERY IND. TRADE LTD. ŞTİ. while processing personal data;
(I) Complies with the law and rules of honesty.
(II) Ensures that personal data is accurate and up-to-date when necessary.
(III) Ensures that the purpose of processing is specific, clear and legitimate.
(IV) Checks that the processed data is related to the purpose of processing, is processed to the extent necessary and is proportionate.
(V) Stores data only as long as required by the relevant legislation or as necessary for the purpose of processing, and destroys it when the purpose of processing ceases to exist.
5. Measures Taken for Data Security
OZBİLİM TEKSTİL MAKİNALARI SAN. TİC. LTD. ŞTİ. takes all necessary technical and administrative measures to ensure the appropriate level of security in order to (i) prevent unlawful processing of personal data, (ii) prevent unlawful access to personal data, (iii) ensure the preservation of personal data.
5.1. Technical Measures
Network security and application security are provided.
Security measures are taken within the scope of supply, development and maintenance of information technology systems.
Access logs are kept regularly.
Current anti-virus systems are used.
Firewalls are used.
Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
The security of physical environments containing personal data is ensured against external risks (fire, flood, etc.).
The security of environments containing personal data is ensured.
Personal data is backed up and the security of backed up personal data is also ensured.
User account management and authorization control systems are implemented and their monitoring is also carried out.
Log records are kept in a way that will not cause user intervention.
Attack detection and prevention systems are used.
Encryption is carried out.
5.2. Administrative Measures
Disciplinary regulations that include data security provisions are in place for employees.
Training and awareness activities are carried out at certain intervals for employees on data security.
Corporate policies have been prepared and implemented on access, information security, usage, storage and destruction.
Data masking measures are applied when necessary.
Confidentiality commitments are made.
An authorization matrix has been created for employees.
The authorities of employees who change their duties or leave their jobs are removed in this area.
The signed contracts include data security provisions.
Personal data security policies and procedures have been determined.
Personal data security issues are reported quickly.
Personal data security is monitored.
Personal data is reduced as much as possible.
In-house periodic and/or random audits are conducted and carried out.
Existing risks and threats have been determined.
Protocols and procedures for special personal data security have been determined and implemented.
If special personal data is to be sent via e-mail, it must be encrypted and sent using a KEP or corporate mail account.
The awareness of data processing service providers is ensured regarding data security.
6. Rights of the Relevant Person Regarding Personal Data
The relevant person, ÖZBİLİM TEKSTİL MAKİNALARI SAN. TİC. LTD. ŞTİ. can make requests on the following issues:
To learn whether their personal data has been processed,
To request information about their personal data if they have been processed,
To learn the purpose of processing their personal data and whether they are used in accordance with their purpose,
To learn the third parties to whom their personal data has been transferred domestically or abroad,
To request correction of their personal data if they have been processed incompletely or incorrectly and to request notification of the transaction made within this scope to the third parties to whom their personal data has been transferred,
To request deletion, destruction or anonymization of their personal data if the reasons requiring processing are eliminated, despite the fact that they have been processed in accordance with the provisions of the KVKK and other relevant laws, and to request notification of the transaction made within this scope to the third parties to whom their personal data has been transferred,
To request the processing of their processed data m